“Jailbreaking” is the process of altering iOS devices (e.g., iPhones, iPads) to run unsigned code. Apple controls apps on iOS by signing them with its private key. This inhibits an attacker’s ability to run unauthorized applications (i.e., applications not authorized by Apple).
“Rooting” is the act of attaining root privileges on your Android phone. This can be done by overwriting the phone firmware, giving users full system access to their Android phones. This includes the capability to run apps expressly forbidden by carriers or by the phone manufacturer.
Jailbreaking and rooting are different. Jailbreaking relaxes the restriction of running signed code only, whereas rooting allows full system access to the phone. In Android, a user can configure the phone to run unsigned applications simply by changing the phone settings. Therefore, rooting is done when more control over system files is needed.
Risks of Jailbreaking
Attackers love jailbroken phones! If a vulnerable app is installed on a jailbroken phone, attackers can easily exploit it. When the phones are not jailbroken, exploitation is difficult because attackers’ exploits need to be signed by Apple. This is not a trivial task to accomplish!
Moreover, on jailbroken phones, a user could have many “repos” (or app stores, like Apple’s App Store but for jailbroken phones). From such stores, users can install any app – malicious or otherwise. These apps essentially have complete control of the phone’s filesystem, including keychains (that protect all passwords and Wi-Fi keys). On a non-jailbroken phone, Apple acts as the “police” prohibiting such malicious behavior.
Risks of Rooting
The growth in mobile malware on the Android platform has been rapid. Moreover, when most users install apps, they rarely analyze the permissions required by these apps. On an unrooted phone, massive changes are still prevented, which protects users to some extent. But this control is lifted on rooted phones. A malicious app author could install kernel modules/rootkits on a rooted phone with relative ease.
Risks to Corporations’ MDM Strategy
Jailbroken/rooted phones (or “unauthorized devices”) put enterprise data at risk along with the users’ personal information. Attackers can access all the information on these phones. They can even obtain corporate network access since many of the phones have VPN capabilities. The Mobile Device Management (MDM) paradigm aims to mitigate such risks, and unauthorized devices pose a direct threat to this paradigm.
Today, organizations that either do not use an MDM solution or allow unauthorized devices to access corporate resources are trusting the mobile device bearers to be the last defense of their corporate network.
This puts the enterprise in great danger. If any user makes a wrong decision, the entire organization is at risk. Without technical controls imposed by MDM solutions, an organization cannot effectively take the onus of its enterprise security away from the device users and place it into its own hands.
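To make the idea of a technical control concrete, here is an added example (not from the original article or any MDM product) of a compliance gate that denies corporate access when an Android device shows common root indicators. The property names and file paths are widely cited heuristics; the function names, the sample data and the deny-on-any-finding policy are assumptions.

```python
import re

# Constructed sample: `getprop` output and a file listing as a hypothetical
# MDM agent might collect them from an Android device. Not real device data.
SAMPLE_GETPROP = """\
[ro.build.tags]: [test-keys]
[ro.debuggable]: [1]
[ro.secure]: [0]
[ro.product.model]: [ExamplePhone]
"""
SAMPLE_FILES = ["/system/bin/sh", "/system/xbin/su", "/system/app/Superuser.apk"]

# Commonly cited root indicators. They are heuristics, not proof: custom or
# development builds can trip them, and root-hiding tools can mask them.
SUSPECT_PROPS = {"ro.build.tags": "test-keys", "ro.debuggable": "1", "ro.secure": "0"}
SUSPECT_PATHS = {"/system/bin/su", "/system/xbin/su", "/sbin/su",
                 "/system/app/Superuser.apk"}

PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[([^\]]*)\]$")

def parse_getprop(text):
    """Parse `[key]: [value]` lines into a dict, skipping malformed lines."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def root_indicators(getprop_text, file_paths):
    """Return a sorted list of human-readable findings for one device."""
    props = parse_getprop(getprop_text)
    findings = [f"prop {k}={v}" for k, v in SUSPECT_PROPS.items() if props.get(k) == v]
    findings += [f"file {p}" for p in file_paths if p in SUSPECT_PATHS]
    return sorted(findings)

def allow_corporate_access(getprop_text, file_paths):
    """Hypothetical MDM gate: deny VPN/mail access if any indicator is present."""
    findings = root_indicators(getprop_text, file_paths)
    return (not findings), findings

if __name__ == "__main__":
    allowed, why = allow_corporate_access(SAMPLE_GETPROP, SAMPLE_FILES)
    print("allowed:", allowed)
    for item in why:
        print(" -", item)
```

Because the decision is made from the collected posture data and not by the device user, the organization rather than the user decides whether the device reaches corporate resources.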
What pitfalls have you observed with jailbroken/rooted devices? Share your observations, and please feel free to comment, or learn more about mobile security from AT&T.